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DETAILED ACTION 

This office action is in response to tlie appeal brief filed on 03/1 1 /08. Claims 1-8, 10-11, 
13-16, 20, 33, 35, and 46-69 are pending in the application. The final rejection has been 
withdrawn in view of new found prior art. 
The allowance of claim 55 has been withdrawn. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AlPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AlPA (pre-AlPA 35 U.S.C. 102(e)). 

Claims 1 -8, 10-11,1 3-1 6, 20, 33, 35, and 46-69 are rejected under 35 
U.S.C. 102(e) as being anticipated by Raz US PGPUB Number 2008/0016566. 
As per claim 1 , Raz teaches s method of responding to an overload condition at a 
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network element ("victim") in a set of one or more potential victims on a network 
(abstract), the method comprising the steps of 

responsively to an indication of an anomalous traffic condition, initiating diversion of 
traffic destined for the victim by a first set of one or more network elements external to 
the set of one or more potential victims to a second set of one or more network 
elements external to the set of one or more potential victims (abstract; paragraph 0007), 
the element(s) of the second set filtering traffic diverted in step A ("diverted traffic") and 
selectively passing a portion thereof to the victim (software arrangements such as 
firewall 121 blocks unauthorized access; par 0013 and 0018; see also web guard 
processor 201 at par 001 9-0021 ). 

As per claim 2, Raz teaches a method according to claim 1, wherein the initiating 
step includes effecting a path of traffic that differs from a path that traffic would 
otherwise take to the victim (abstract; par 0013 and 0018-0021). 

As per claim 3, Raz teaches a method according to claim 1 , wherein 

the filtering step includes detecting any of (i) a traffic pattern that differs from 

an expected pattern and (ii) traffic volume that differ from expected volume, the 

detecting step includes determining whether any of the traffic pattern and volume varies 

statistically significantly (see par 0007 and 0018-0021). 
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As per claim 4, Raz teaclies a metliod according to claim 1 , wherein the filtering step 
includes detecting suspected malicious traffic (abstract and par 0007). 

As per claim 5, Raz teaches a method according to claim 4, wherein the detecting step 
includes detecting packets with spoofed source addresses (see par 0007 and 0017). 

As per claim 6, Raz teaches a method according to claim 1 , wherein the filtering 

step includes detecting traffic requiring a selected service from the victim (abstract; par 

0007 and 0018-0021). 

As per claim 7, Raz teaches a method according to claim 6, wherein the filtering step 
includes discarding traffic not requiring the selected service from the victim (par 0018- 
0021) 

As per claim 8, Raz teaches a method according to claim 7, wherein the filtering step 
includes discarding any of UDP (which is a connectionless mode protocol) and ICMP 
(which is an integral part of IP) packet traffic (see par 0004, 0007 and 0017). 

As per claim 10, Raz teaches a method according to claim 1, comprising operating one 
or more elements of the first set at points on the network around the set of one or more 
potential victims (par 0018-0021). 
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As per claim 1 1 , Raz teaclies a metliod according to claim 10, comprising operating one 
or more elements of the second set any of adjacent to or external to one or more 
elements of the first set (par 001 8-0021 ). 

As per claim 13, Raz teaches a method according to claim 10, wherein the anomalous 
traffic condition is indicative of a distributed denial of service (DDoS) attack (0007, 0016 
and 0017). 

As per claim 14, Raz teaches a method according to claim 10, comprising selectively 
activating the one or more elements of the first set by declaring a network address of 
the victim to be close in network distance to one or more elements of the second set 
(par 001 3 and 0018-0021). 

As per claim 15, Raz teaches a method according to claim 10, comprising associating 
the victim with first and second addresses, and wherein the filtering step includes 
discarding traffic received external to an area defined by the points directed to the first 
address, and passing to the victim traffic received external to an area directed to the 
second address (par 0006-0007 and 0018). 

As per claim 16, Raz teaches a method according to claim 10, wherein the diverting 
step includes redirecting traffic using Policy Based Routing (par 0018). 



Application/Control Number: 09/929,877 Page 6 

Art Unit: 2154 

As per claim 20, Raz teaclies a metliod according to claim 5, wherein detecting the 
packets with spoofed source addresses comprises executing a verification protocol with 
sources of the diverted traffic, and wherein the passing step includes passing to the 
victim traffic from a source that correctly complies with the verification protocol (par 
0007, 0013 and 0018-0021). 

As per claim 33, Raz teaches a method according to claim 1, wherein the filtering step 
includes statistically measuring any of a traffic pattern and volume so as to identify any 
of a source and a type of the overload condition (0018). 

As per claim 35, Raz teaches a method according to claim 33, comprising determining 
any of the traffic pattern and volume during a period when the victim is not in the 
overload condition, for comparison with any of the traffic pattern and volume in the 
filtering step upon detecting the anomalous traffic condition (0007, 0018-0021). 

As per claims 46-69, Raz teaches the entire concept of the invention as claimed. 
Furthermore, the concept of these claims have been discussed in the rejection of claims 
1-8, 10-11, 13-16, 20, 33, 35 above. Therefore, they are rejected under the same 
rationale. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Frantz B. Jean whose telephone number is 571-272- 
3937. The examiner can normally be reached on 8:30-6:00 M-f. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nathan J. Flynn can be reached on 571-272-1915. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Frantz B. Jean/ 

Primary Examiner, Art Unit 2154 



